From 95d9ade3916876028b482bc6e74028363b80d01b Mon Sep 17 00:00:00 2001
From: Djordje Lukic
Date: Thu, 26 Dec 2024 15:29:30 +0100
Subject: [PATCH] Fixing indentation
---
 .../win_codeintegrity_attempted_dll_load.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/rules/windows/builtin/code_integrity/win_codeintegrity_attempted_dll_load.yml b/rules/windows/builtin/code_integrity/win_codeintegrity_attempted_dll_load.yml
index 5db3fc2f2b4..f3c8172ecc8 100644
--- a/rules/windows/builtin/code_integrity/win_codeintegrity_attempted_dll_load.yml
+++ b/rules/windows/builtin/code_integrity/win_codeintegrity_attempted_dll_load.yml
@@ -110,11 +110,11 @@ detection:
 filter_optional_kaspersky:
 # Example: \Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\x64\antimalware_provider.dll
 - ProcessNameBuffer|contains|all:
- - '\Kaspersky Lab\'
- - '\avp.exe'
+ - '\Kaspersky Lab\'
+ - '\avp.exe'
 - FileNameBuffer|contains|all:
- - '\Kaspersky Lab\'
- - '\antimalware_provider.dll'
+ - '\Kaspersky Lab\'
+ - '\antimalware_provider.dll'
 condition: selection and not 1 of filter_main_* and not 1 of filter_optional_*
 falsepositives:
 - Antivirus and other third party products are known to trigger this rule quite a lot. Initial filters and tuning is required before using this rule.